Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in News & Events

Privacy and Cybersecurity December 2016 Events

Please join us for our December 2016 Privacy and Cybersecurity Events.

December 1
Online Safety in the New Administration
Julie Brill moderated a panel on “Online Safety Policy in Transition” at the Family Online Safety Institute’s Annual Conference.
Location: Washington, D.C.

 

Continue Reading

Posted in Cybersecurity & Data Breaches

US Agencies Release Guidance for Securing the Internet of Things

shutterstock_246825967The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about what if anything should be the US federal response to such IoT-driven cyberattacks. Against that backdrop, in November 2016 two US federal agencies have issued guidance on securing IoT.

Continue Reading

Posted in Consumer Privacy

FTC Issues Sharing Economy Report

FTC-LogoIn June 2015, the Federal Trade Commission (FTC) held a workshop on The “Sharing” Economy: Issues Facing Platforms, Participants, and Regulators. The Commission also solicited public comments on the topic, receiving more than 2,000 comments in response. On 17 November, the Commission issued a report summarizing the issues explored in the workshop and the public comments. The report emphasized that the workshop (and its ensuing summary) was not intended “as a precursor to law enforcement” but “an opportunity to learn more” about this rapidly evolving business model and to aid “the Commission, as well as regulators, consumer groups, platforms, participants using the platforms, incumbent firms, and others” to address the unique issues raised by sharing economy platforms.

Continue Reading

Posted in Cybersecurity & Data Breaches, International/EU Privacy

China Passes Controversial Cyber Security Law

shutterstock_293627249China’s Cyber Security Law, which will take effect from 1 June, 2017 was adopted on 7 November.  The third draft of the law adopted by the Standing Committee of the National People’s Congress, China’s highest legislative authority, contained few changes from the second draft put forward for comment in July, 2016 (see our briefing).  The net result is continued controversy coupled with a dose of uncertainty (never a good combination), with multi-national businesses in particular questioning the intent of the law and criticising its vagueness.  The final draft contains a number of broadly-framed defined terms that are critical to its interpretation which continue to leave much to be resolved through detailed measures that may or may not follow, as a lack of clarity leaves room for interpretation.  All in all, the direction of travel is towards a much more heavily regulated Chinese internet and technology sector, with an open question as to whether China’s cyber space will be integrated with the rest of the world in the coming years or will plough its own virtual furrow.

Continue Reading

Posted in News & Events

GDPR Implementation Guide Available

hoganLogo_greenWe are pleased to announce that Hogan Lovells Frankfurt-based Partner Tim Wybitul has published a handbook – EU-Datenschutz-Grundverordnung im Unternehmen: Praxisleitfaden – to assist organizations with compliance with the European General Data Protection Regulation (GDPR). Written in German, the handbook includes plain-language summaries of GDPR requirements as well as project-planning and other checklists and examples to aid companies in complying with the Regulation. The handbook draws upon case studies to present lessons learned by several companies in their efforts to develop GDPR-compliant programs and is designed to be a useful resource for companies of all sizes. Jan Albrecht, member of the EU Parliament and rapporteur on the GDPR, contributed the preface.

The handbook is currently available in German here as well as directly from the author. An English language version of the key chapters of the handbook will be available shortly.

Posted in Consumer Privacy

Details of Legal Challenge to Privacy Shield Revealed

shutterstock_372312025Ever since the first draft of the EU-US Privacy Shield framework was published in early 2016, groups opposed to the idea have indicated their intent to challenge the legality of the framework under EU law. Recently, the privacy advocacy group Digital Rights Ireland (DRI) made good on that promise.  Following the filing of a formal complaint on 15 September asking for an annulment of the framework by the Court of Justice of the European Union (CJEU), DRI has now made public the details of its complaint. Continue Reading

Posted in International/EU Privacy

Moscow Court Upholds Ruling to Block LinkedIn in Russia for Non-Compliance with Data Localization Law

shutterstock_366140141In a case with major significance for foreign online businesses that do business in Russia, on Thursday, 10 November the Moscow City Court sustained a lower court ruling that granted the request of the Russian Data Protection Authority (Roskomnadzor) to block access to social network LinkedIn within Russian territory. Continue Reading

Posted in Cybersecurity & Data Breaches

Cybersecurity Regulation in Asia: The Tightening Lines of Defense

offset_202677 Retouched 300x254In September, we proudly launched our online client cybersecurity resource portal: Ready, Set, Respond.  The portal was designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to not only prepare for the inevitable cybersecurity incident, but to quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world.  Today, we’re taking a closer look at the Asia region with our partner Mark Parsons. Visit Ready, Set, Respond for more information or to take advantage of the tools and data available there.

Continue Reading

Posted in International/EU Privacy

German DPAs Launch Enquiry into International Data Transfers

Cross-Border Transfer500 German companies will be asked in the coming weeks by 10 German data protection authorities (“DPAs”) to complete an extensive and detailed questionnaire about their transfers of personal data to third countries. Companies must indicate how they ensure an adequate level of data protection for such data transfers. The questionnaire also covers the use of cloud services provided by U.S. entities. The enquiry and the questionnaire (but not the list of targeted companies) were published by the German DPAs on 3 November 2016. Continue Reading

Posted in Health Privacy/HIPAA

Recap of the OCR/NIST Conference on Safeguarding Health Information

shutterstock_366825284Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Comprehensive, enterprise-wide risk analysis and risk management practices remained points of emphasis throughout the conference. OCR Director Jocelyn Samuels pointed to recent statements by the President and characterized digital threats as a public health crisis. Additional themes, which we outline in this post, also emerged.

Continue Reading